CYBERSHEATH BLOG

A few short months ago in April, Verizon released their annual publication of the Data Breach Investigations Report, and after reviewing the report, we would recommend that you pack up the rod and reel, and throw your waders on, because the theme of this year’s report is ‘gone phishing for credentials.’

According to a recent report conducted by PhishMe, 93 percent of all phishing attacks contained encryption ransomware, up 56 percent from December of 2015. This heightened growth can be attributed to the ease of sending ransomware via phishing emails that contain job applicant, billing, shipping, and invoice-related messages with seemingly harmless attachments.

The recent news of two new zero-day exploits for Windows and Adobe users was disconcerting for many. The Windows bug is being exploited in the wild, so users should install fixes as soon as possible. Cataloged as CVE-2016-0189, the exploit allows attackers to execute malicious code when vulnerable computers visit booby-trapped websites. According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites. The vulnerability exists in the JScript and VBScript engines and is exploited using Internet Explorer. According to Symantec, the exploit may have been delivered through a link included in a spear-phishing email, or a compromised, legitimate website that redirected users to the exploit. The landing page contained JavaScript code that profiled the computer belonging to the user visiting the site. South Korea, which is heavily reliant on Internet Explorer, was severely impacted by this zero-day attack. Attackers often target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives. The Adobe bug was recently identified in a Flash vulnerability that gives attackers the ability to remotely hijack machines and is currently being exploited in the wild. FireEye first reported the vulnerability on May 10. The vulnerability affects Windows, Mac, Linux, and Chrome OS. The CVE number is CVE-2016-4117.

Recently, Verizon released its 2016 Data Breach Report, which has served to assist the security community in managing risk and avoiding security incidents since 2008. In the report, one can find data on almost all aspects of the current cyber security risk landscape. With that being said, I was most intrigued by the findings related to phishing attacks, a form of social engineering that seeks to exploit an organization’s greatest risk – humans.

On February 4th, Anthem Inc., the nation’s second largest health insurer, disclosed that hackers had broken into its servers and stolen data from over 80 million customer records. The information stolen from the insurance enterprise includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data.